
Developer Software

Location:
Toronto, ON, Canada
Posted:
October 31, 2014

Resume:

Josue Torres

*** ****** **, ***** ****, M*Y *H*, Toronto, Ontario, Canada

Phone: 1-647-***-****

E-mail: acgkg7@r.postjobfree.com

Profile

. Over 8 years of experience in the software & optimization industry.

. Strong skills in object oriented programming and application design,

analysis, development, support and optimization.

. Strong knowledge of Windows, the .NET framework, open-source

programming and relational databases.

. Motivated self-starter, with an aptitude for learning new tasks

quickly.

. Excellent interpersonal skills.

Professional Experience

Dec 05/2011 - Current Software Developer (FrontStream Holdings, LLC. Lacey

- WA. Toronto - ON)

. Develop for a multichannel platform enabling charities and non-profit

organizations to fundraise on the web, social networks and mobile

devices

- Support and enhancement of a large CMS solution (e2RM). Wide use of

windows, web programming, security standards implementations, open

source and scripting technologies (See Programming Languages,

Frameworks and Technologies)

Mobile Development:

Android and iPhone Development (Maintenance and enhancement of the

fundraising solution for Android devices, App customization, build and

submission process to Google Play).

Hybrid Mobile Development with Ionic and ASP.NET Mobile Web Pages.

Artez Interactive - Frontstream LLC:

Native Android examples:

https://play.google.com/store/apps/details?id=com.artez.scotiabankchallenge

https://play.google.com/store/apps/details?id=com.artez.leukaemiafoundation

https://play.google.com/store/apps/details?id=com.artez.bigmorningtea

https://play.google.com/store/apps/details?id=com.artez.nationalallianceformentalillness

https://play.google.com/store/apps/details?id=com.josue.products

https://play.google.com/store/apps/details?id=com.josue.square

Hybrid Apps (iPhone & Android - Ionic Framework and/or ASP.NET Mobile

Web Pages):

https://josuesimpleionicapp.herokuapp.com (Node.js app for iPhone &

Android)

https://securewalks.nami.org/registrant/mobile/mobileEventInfo.aspx?eventid=143057&langpref=en-CA&Referrer=https%3a%2f%2fadmin.e2rm.com%2fEventSummary.aspx

https://securewalks.nami.org/registrant/mobile/mobileDonate.aspx?eventID=143057&langpref=en-CA&referrer=https%3a%2f%2fadmin.e2rm.com%2fEventSummary.aspx

https://secure.e2rm.com/registrant/mobile/mobileEventInfo.aspx?eventid=157904&langpref=en-CA&Referrer=https%3a%2f%2fadmin.e2rm.com%2fEventSummary.aspx

Native iPhone examples (Customization):

https://itunes.apple.com/us/app/aacr-foundation/id843270619?ls=1&mt=8

https://itunes.apple.com/us/app/namiwalks/id539478008?ls=1&mt=8

PCI DSS (Payment Card Industry Security Standards) compliance (look

for Artez Interactive)

http://www.mastercard.com/us/company/en/docs/SP_Post_List_2012.pdf

http://www.visa.com/splisting/searchGrsp.do

Several payment gateways for online credit card processing (ArgoFire,

authorizeNet, beanstream, miraserv, moneris, optimal, paradata,

payFlow, paymentech, paymentechOrbital, payPalExpressCheckout,

payPalPro, ticketMaster (IATS), wordPay, SecurePay)

Security compliance explained:

Database Level:

1. Localized use of the HASHBYTES SHA1-512 SQL function to hash

Salesforce system administrator passwords and IDs.

2. Implemented double base64binary sql table fields for encrypted

passwords for clients (legacy and hashed password).

3. Granted restricted execute permissions to the related stored

procedures.

4. Granted write access only to database administrators (no

developers).

5. Granted read access only through the jump server to developers

(Extra server being monitored by IT). Developers need an extra key

generated by a third party application to log into the database

server and then log into the related live servers for reading.

Granted VIEW DEFINITION permission only to developers and

administrators.

Application Level:

1. All application iframe urls are encoded with an HMACSHA256 secret

key (ie: facebook iframe)

2. For login: Implemented class with the following functionality:

To satisfy the hashed password field - See Database Level (2):

Implemented the PBKDF2WithHmacSHA1 algorithm by instantiating the

SecretKeyFactory class with the SecureRandom class implementation

for the salt parameter. Used 10000 iterations and a byte[20] for

the salt length and an implementation of the PBEKeySpec class to

hash the parameters.

To satisfy the legacy password field - See Database Level (2):

Implementation of the MessageDigest (MD5) class is in place.

Functionality to lock out clients when login attempts fail is

implemented.

3. Encrypt / Decrypt credit card numbers: Implementation of the

RSAPublicKeySpec class when dealing with this database field.

4. Implemented a CSRF security token functionality to expire the

session along with a MAC validation maximizing the protection

against CSRF and session fixation attacks.

5. Implementing secure coding practices all over the application by

validating all user inputs against html tags white lists maximizing

the protection against XSS attacks.

6. Implementing secure coding practices against SQL injection attacks

by using parameter validation in code and validate all user inputs.

Dynamic queries are prohibited when developing code to interact with the

databases.

7. Implemented algorithms for parsing html to allow users to create

their own microsites by submitting html and javascript into the

databases. Used Jsoup as tool.

8. Daily use of OWASP Zed Attack Proxy (ZAP) tool to mimic attacks to

specific pages and validate those pages against these attacks.

Ensuring compliance with the Open Web Application Security Project

(OWASP) by following its directives.

9. Security driven code review is mandatory for every code alteration.

10. Implementing coding practices considering the existence of a valid

server https certificate to secure packages transport over the

network.

Nov 01/2010 - Nov 18/2011 Application Developer and Database Developer

and Administrator (Adlure Media Inc. Toronto)

. Application Development and Administration

- E-Commerce Integration. Implementation of different E-Commerce APIs

like AbleCommerce.

- Content Management System (DotNetNuke, Wordpress). Developed a large

number of web sites using CMS technologies, creating rich content

management tools in .NET and PHP-Wordpress open source technologies.

- Social Media Integration. Wide use of Youtube, Facebook, Twitter and

Flickr through Google and other web APIs, allowing data from those

interfaces to be integrated into the web site using javascript and RESTful

services.

- Custom Applications. All kind of windows development by using.

- Database Design, development and Administration. SQL SERVER 2000 -

2008, SSIS, SSRS, SSAS.

- Micro-site development. Web 2.0: blogs. Developed blogs in Wordpress,

PHP and Mysql.

- Google analytics integration. Set up different goals to be measured by

google analytics statistics.

Dec 20/2008 - Jan 05/2010 Engineering and Software Developer (Telax

Hosted Call Centre Inc. Toronto)

. Workforce Management (To achieve an optimal human resources management

in a Multi-Skill inbound-Call Centre (several languages are spoken) to

satisfy a variable service level by means of mathematical methods and

models - Simulation & Optimization).

- Solved the mathematical problem of HR Optimization in a Multi-Skill

inbound-Call Centre. Built a forecasting, workforce and capacity

planning application for a Multi-Skill inbound-Call Centre. Built the

Multi-Skill inbound-Call Centre Simulator. Developed the related COM-

enabled assemblies (.NET).

. Improvement and Optimization of the Agent Script solution:

- Issue: Due to the high traffic in an intranet network (more than 100

Call Centre agents accessing a web based solution (.NET)

simultaneously to serve incoming client calls), and a poor programming

design and architecture; the overall output is a server response delay

and application resources starvation.

- Solution: Front-end and back-end redesign of the solution by applying

programming web technologies such as javascript, jquery and AJAX as

well as a comprehensive restructuring of the SQL SERVER optimization

approach, the stored procedures and functions jointly with a proper

use of the .NET framework 3.5 (C#).

Apr 2003 - Jul 2007 Engineering and Software Developer (Citmatel.

Havana, Cuba)

. Designed, developed and documented solutions to find the shortest path

among data terminals to improve the data transfer among them, by means

of mathematical methods and models - Optimization. Developed the

related software components.

. Designed, developed, documented and maintained most software

components required by the organization (database, transaction

servers, website, reports, and monitoring tools).

. Implemented communication interfaces with third-party software

components.

Sept 2001 - Jun 2003 Software Developer (Advanced Business Control, CIMEX

Corp. Havana, Cuba)

. Participated in the design and development of several modules for a

large POS system (wireless dish-ordering application for hand-held

terminals, transaction server and database access modules,

communication protocols and interfaces with back-office software,

monitoring and alarm-management utilities).

Certifications

. TS: Microsoft SQL Server 2008 - Database Development. (2010).

. TS: Microsoft .NET Framework 3.5, ASP.NET Application Development.

(2010).

. TS: Microsoft .NET Framework 3.5, ADO.NET Application Development.

(2010)

Education

. PCI DSS Open Web Application Security Project (OWASP) Control Case

Training (2014)

. .NET Solutions. Humber College, Toronto (2010)

. Electric Engineering. Havana University, Cuba (2001)

Programming Languages, Frameworks and Technologies

. Visual Studio 2012-13 C#, Eclipse, PHP, C, C++, IIS, Apache, Windows,

Linux. Ionic

. MS SQL Server 2000 - 2008, T-SQL, MySql, SQLite, Postgresql, EF,

Nhibernate, SSAS, SSRS, SSIS, Crystal Reports.

. ASP.NET, ajax, javascript, javascriptMV* frameworks and libraries

(AngularJS, Backbone, KnockoutJS, Node.js, Testing Frameworks),

jQuery, CSS3, HTML5, XML, XAML, Silverlight, WCF, WPF, Web Services,

MV*, Web API, TCP/IP.

. IoC and DI support for .NET (Ninject)

. Android SDK. Google Play and Apple Store Build and Submission process.

. Play Framework (Java MVC Framework), Java. Hibernate, JPA, Ebean.

. IoC and DI support for Java (Guice).

. Scala, Maven.

. DotNetNuke (DNN), Wordpress, Custom CMS.

. Ruby on Rails.

. Cloud Computing (AWS, Azure, Heroku).

. Source Control (TFS, SVN, Bitbucket, Git).

. Agile, SCRUM (JIRA). Continuous Integration (TeamCity, Bash scripting,

NAnt, Ant).

. Testing (NUnit, JUnit, Moq Framework). Resharper, Telerik. Windows

Scripting, Python.

. WCAG 2.0 Compliance (Web Content Accessibility Guidelines), SEO

. MS Office, MATLAB, Simulink, SPSS, Minitab, AutoCAD.

References

Available upon request


